7690 matches found

Tenable Nessus
added 2022/01/12 12:0 a.m., 65 views

Juniper Junos OS Multiple Vulnerabilities (JSA11289)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11289 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...

CVSS 8.1 | AI score 7.6 | EPSS 0.60122
Exploits: 5 | References: 6

OSV
added 2022/01/11 7:15 p.m., 4 views

CVE-2021-34704

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

Prion
added 2022/01/11 7:15 p.m., 16 views

Input validation

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when...

CVSS 7.1 | AI score 7.5 | EPSS 0.01307
Exploits: 0 | References: 1 | Affected Software: 3

Prion
added 2022/01/11 7:15 p.m., 18 views

Input validation

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when...

CVSS 7.1 | AI score 7.5 | EPSS 0.01307
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2022/01/11 6:50 p.m., 18 views

CVE-2021-34704 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when...

CVSS 8.6 | AI score 8.2 | EPSS 0.01307
Exploits: 0 | References: 1

Vulnrichment
added 2022/01/11 6:50 p.m., 10 views

CVE-2021-34704 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when...

CVSS 8.6 | AI score 7.1 | EPSS 0.01307
Exploits: 0 | References: 1

Openbugbounty
added 2022/01/06 5:3 a.m., 9 views

notek-gmbh.de Cross Site Scripting vulnerability OBB-2325487

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Kitploit
added 2022/01/02 8:30 p.m., 30 views

Lsarelayx - NTLM Relaying For Windows Made Easy

lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running on. lsarelayx will relay any incoming authentication request which includes SMB. Since lsarelayx hooks into existing application authentication flows, the tool will also attempt...

AI score 7.3
Exploits: 0 | References: 3

Openbugbounty
added 2022/01/02 3:33 p.m., 12 views

bremer-baeder.de Cross Site Scripting vulnerability OBB-2320181

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

NVD
added 2021/12/30 10:15 p.m., 13 views

CVE-2021-20154

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords...

CVSS 7.5 | EPSS 0.00767
Exploits: 0 | References: 1

Prion
added 2021/12/30 10:15 p.m., 9 views

Design/Logic Flaw

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords...

CVSS 4.3 | AI score 7.4 | EPSS 0.00767
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/12/30 9:31 p.m., 16 views

CVE-2021-20154

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords...

AI score 7.6 | EPSS 0.00767
Exploits: 0 | References: 1

CVE
added 2021/12/30 9:31 p.m., 48 views

CVE-2021-20154

CVE-2021-20154 affects Trendnet AC2600 TEW-827DRU (firmware 2.08B01). The root cause is that the device’s web interface does not enable HTTPS by default, allowing cleartext transmission of sensitive data (e.g., passwords) over the network. Affected component is the web interface; impact is exposu...

CVSS 7.5 | AI score 7.4 | EPSS 0.00767
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2021/12/23 1:21 p.m., 23 views

CVE-2020-16156

A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification. Mitigation This issue can be mitigated by...

CVSS 7.8 | AI score 0.3 | EPSS 0.00791
Exploits: 1 | References: 5

IBM Security Bulletins
added 2021/12/21 5:39 p.m., 52 views

Security Bulletin: IBM Event Streams UI affected by multiple node package vulnerabilities

Summary IBM Event Streams UI affected by multiple node package vulnerabilities Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 ...

CVSS 9.8 | AI score 8.4 | EPSS 0.37286
Exploits: 2 | Affected Software: 1

0day.today
added 2021/12/20 12:0 a.m., 402 views

phpKF CMS 3.00 Beta y6 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It is a very popula...

AI score 0.4
Exploits: 0

wpexploit
added 2021/12/20 12:0 a.m., 110 views

Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting

The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata&role="alert/XSS/...

AI score 1.2
Exploits: 0

OPENSUSE Linux
added 2021/12/20 12:0 a.m., 36 views

Security update for netdata (moderate)

openSUSE Security Update: Security update for netdata Announcement ID: openSUSE-SU-2021:1603-1 Rating: moderate References: 1139094 1139095 1139098 Cross-References: CVE-2018-18836 CVE-2018-18837 CVE-2018-18838 CVE-2018-18839 CVSS scores: CVE-2018-18836 NVD : 6.5...

CVSS 7.5 | AI score 6.7 | EPSS 0.02172
Exploits: 3 | References: 3

Tenable Nessus
added 2021/12/20 12:0 a.m., 79 views

Python < 3.6.14 / 3.7.11 / 3.8.11 / 3.9.6 DoS

A denial of service vulnerability exists in Python 3.6.x < 3.6.14, 3.7.x < 3.7.11, 3.8.x < 3.8.11, and 3.9.x < 3.9.6. If a client performs an HTTP/HTTPS/FTP request against a service controlled by an attacker, the attacker can make this client hang forever, even if the client has set a timeout argument...

CVSS 7.5 | AI score 7.3 | EPSS 0.11586
Exploits: 1 | References: 2

Hacker One
added 2021/12/14 3:55 a.m., 46 views

MTN Group: Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228

The vulnerability CVE-2021-44228, a remote code injection flaw in Log4j, was discovered on the website http://mtn1app.mtncameroon.net. The vulnerability was confirmed to be present on the ports 8080 and 8443 of the website. The issue was demonstrated by retrieving the hostname of the affected...

CVSS 10 | AI score 9.7 | EPSS 0.99999
Exploits: 347